Microsoft removes Exchange 2013 patch after customers report snafus

Share this article:
MS13-061 was scrapped after Microsoft became aware that installing it causes problems.
MS13-061 was scrapped after Microsoft became aware that installing it causes problems.

Microsoft has pulled one of the patches it released Tuesday as part of its monthly security update.

MS13-061, which addresses three vulnerabilities in Exchange Server, was scrapped after Microsoft became aware that installing it causes problems. The issues do not occur in Exchange 2007 or 2010 environments, only 2013.

"Specifically...the content index for mailbox databases shows as "failed" and the Microsoft Exchange Search Host Controller service is renamed," according to a blog post from Ross Smith IV, principal program manager of the Exchange Server Product Group.

The three bugs actually lie in the way Exchange files are processed by Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats.

For administrators that already have deployed the patch, Microsoft recommends they apply KB 2879739, a workaround described here. For those who have not yet installed the fix, the software giant suggests they don't and instead follow the steps listed in the "Workaround" section (under the "Vulnerability Information – Oracle Outside in Contains Multiple Exploitable Vulnerabilities") portion of the original security bulletin.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on the federal law enforcement officials to stop "copy cat websites."

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.